KyberSwap Exploited in $46 Million Attack Due to ‘Infinite Money Glitch’
According to Ambient Exchange founder Doug Colkitt, KyberSwap’s $46 million hack was “the most complex and carefully engineered smart contract exploit,” and he confirmed that what happened was an infinite money glitch.
In a detailed thread on X dated November 23, Colkitt outlined the intricacies of the attack, shedding light on the methods employed by the attacker.
1/ Finished a preliminary deep dive into the Kyber exploit, and think I now have a pretty good understanding of what happened.
This is easily the most complex and carefully engineered smart contract exploit I've ever seen…
— Doug Colkitt (@0xdoug) November 23, 2023
Colkitt explained that the attacker exploited a distinctive implementation of KyberSwap’s concentrated liquidity feature, manipulating the contract to believe it possessed more liquidity than it actually did. Because the attacker followed a similar strategy across the other pools, Colkitt focused his explanation on the first attack, which targeted the ETH/wstETH pool.
The process began with a flash loan of 10,000 wstETH, valued at $23 million at the time. Subsequently, 2,800 wstETH (equivalent to $6 million) was swapped into the pool to alter the price from 1.05 ETH to 0.0000152. Unlike typical flash loans, the goal here was not to manipulate an oracle but to move the pool price to an area on the concentrated liquidity curve with zero existing liquidity.
This precise manipulation of Kyber’s concentrated liquidity math created an opportunity for the attacker to exploit the system. The attacker generated 3.4 wstETH of liquidity in a specific price range and then inexplicably burned 0.56 wstETH of liquidity, possibly to align subsequent numerical calculations perfectly.
The exploit executed two swaps in this manipulated liquidity environment. In the first swap, the exploiter sold 1,056 wstETH for 0.0157 ETH, pushing the price down to 0.0000146. The second swap involved the exploiter buying 3,911 wstETH from the pool for 0.06 ETH, raising the price back up to 0.00001637.
According to Colkitt, the key revelation in the attack was the creation of an infinite money glitch. The second swap resulted in the exploiter receiving more money than paid in the first swap, even though the only liquidity present was the approximately 3 wstETH minted at the beginning of the exploit. This intricate manipulation allowed the attacker to drain the pool successfully.
Doug Colkitt Unravels KyberSwap Attack, Reveals Exploitation of Concentrated Liquidity
In the unraveling of the complex KyberSwap attack, Doug Colkitt further raised questions about the unexpected additional funds generated during the attack and set out to investigate the anomalies. He discovered that the attacker, by carefully exploiting KyberSwap’s concentrated liquidity feature, tricked the platform into perceiving more liquidity than actually existed, resulting in overpayments for large swaps.
The key to this manipulation lies in a flaw related to KyberSwap’s handling of liquidity at tick boundaries. Colkitt highlighted two crucial clues that aided in understanding the exploit’s mechanics. Firstly, the resting state of the pool’s liquidity at the end of the second swap showed a non-zero value, even though the swap ended at a price outside the attacker’s liquidity range.
The second clue came from comparing the call trace stack for the first and second swaps. In KyberSwap, when tick boundaries are crossed, the `updateLiquidityAndCrossTick` function is invoked to adjust the curve’s liquidity value based on the LP range positions at that tick.
The exploit successfully manipulated this process during the first swap. Colkitt explained that the `updateLiquidityAndCrossTick` function was never called during the first swap, even though it should have been. This allowed the attacker to double-count liquidity when moving back in range, creating the illusion of more liquidity than there actually was.
The technical intricacies involved exploiting KyberSwap’s calculation of swaps as a series of steps, with each step determining whether the swap reaches a tick boundary or is exhausted first. The attacker skillfully manipulated these calculations, preventing the invocation of `updateLiquidityAndCrossTick` during the first swap while ensuring it occurred during the second swap, thereby tricking the pool into double-counting the liquidity.
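The double-counting described above can be reproduced in a toy tick-walking model and caught with an invariant check that recomputes active liquidity from the LP positions. This is an added illustration, not KyberSwap's code or part of Colkitt's analysis; `ToyPool`, the integer ticks, the constructed position, and the `skip_cross_at` parameter (standing in for the missed `updateLiquidityAndCrossTick` call) are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Position:
    lower: int      # range is [lower, upper) in ticks
    upper: int
    liquidity: int

class ToyPool:
    """Hypothetical model: tracks active liquidity incrementally, like a CL pool."""
    def __init__(self, tick, positions):
        self.tick, self.positions = tick, positions
        self.liquidity = self.expected_liquidity()

    def expected_liquidity(self):
        # Ground truth recomputed from scratch: positions containing the tick.
        return sum(p.liquidity for p in self.positions
                   if p.lower <= self.tick < p.upper)

    def net_at(self, boundary):
        # Liquidity added when `boundary` is crossed upward (negated going down).
        return sum(p.liquidity * ((p.lower == boundary) - (p.upper == boundary))
                   for p in self.positions)

    def move_to(self, target, skip_cross_at=None):
        # skip_cross_at stands in for a boundary whose cross-tick update
        # is never applied (the failure described in the text).
        step = 1 if target > self.tick else -1
        while self.tick != target:
            boundary = self.tick + 1 if step == 1 else self.tick
            if boundary != skip_cross_at:
                self.liquidity += step * self.net_at(boundary)
            self.tick += step

def invariant_holds(pool):
    # Defensive check: the running value must match the recomputed one.
    return pool.liquidity == pool.expected_liquidity()

def replay(skip):
    # Constructed scenario: one LP position of 3 units over ticks [10, 20).
    pool = ToyPool(15, [Position(10, 20, 3)])
    trace = []
    for target, skipped in ((5, skip), (15, None), (25, None)):
        # first swap leaves the range; second re-enters it, then ends above it
        pool.move_to(target, skip_cross_at=skipped)
        trace.append((pool.tick, pool.liquidity, invariant_holds(pool)))
    return trace
```

With the update skipped at boundary 10, the model ends above the range still reporting 3 units of liquidity, which mirrors the first clue in the text; asserting this invariant after every swap in a fuzz or fork test flags the divergence at the first swap.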
2/ First thing to note is this exploit is specific to Kyber's implementation of concentrated liquidity
There's no reason to believe that other reputable concentrated liquidity dexes, like Ambient or Uniswap, are at risk from this exploit. (Though Kyber forks obviously are)
— Doug Colkitt (@0xdoug) November 23, 2023
However, Colkitt emphasized that the exploit discussed in the analysis is specific to KyberSwap’s implementation of concentrated liquidity. There is currently no indication or reason to believe that other reputable decentralized exchanges implementing concentrated liquidity, such as Ambient or Uniswap, are at risk from this particular exploit. He also noted that KyberSwap forks may be vulnerable, but platforms with distinct implementations are not necessarily exposed to the same risks.